program:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0)
r1 = io_uring_setup(0xf08, &(0x7f0000000540)={0x0, 0x62d5, 0x38c1, 0x4, 0xa2})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f000000e000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0xa3)
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000008c0), 0xfecc)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0xfecc)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0x1b)
io_uring_register$IORING_REGISTER_FILES(r1, 0x20, &(0x7f0000000000)=[r1], 0x1)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r4)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000480)={0x1, &(0x7f00000004c0)=[{0x1, 0xff, 0x6, 0x3c6b}]})
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$FS_IOC_FSGETXATTR(r7, 0x400455c8, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000240)={0x1f, 0x1}, 0x6)
ioctl$TIOCVHANGUP(r7, 0x5437, 0x0)
getsockname$packet(r8, 0x0, 0x0)
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r5, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

[   85.206293][ T4681] Bluetooth: hci0: command tx timeout
[   85.282341][ T5338] loop0: detected capacity change from 0 to 64
[   85.427720][ T5338] ------------[ cut here ]------------
[   85.430167][ T5338] WARNING: fs/buffer.c:1183 at mark_buffer_dirty+0x299/0x400, CPU#0: syz.0.0/5338
[   85.434845][ T5338] Modules linked in:
[   85.436571][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.440647][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.445007][ T5338] RIP: 0010:mark_buffer_dirty+0x299/0x400
[   85.447406][ T5338] Code: 4c 89 f7 e8 59 c2 db ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 24 a2 fb ff e8 df ed 73 ff eb 8c e8 d8 ed 73 ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 ca ed 73 ff 90 0f 0b 90 e9 cf fd ff ff
[   85.455444][ T5338] RSP: 0018:ffffc9000d48f608 EFLAGS: 00010287
[   85.458072][ T5338] RAX: ffffffff824d81d8 RBX: ffff88800092a2b8 RCX: 0000000000100000
[   85.461566][ T5338] RDX: ffffc9000f1da000 RSI: 000000000000129e RDI: 000000000000129f
[   85.465129][ T5338] RBP: ffff8880126c4001 R08: ffff88800092a2bf R09: 1ffff11000125457
[   85.468546][ T5338] R10: dffffc0000000000 R11: ffffed1000125458 R12: ffff888051d71400
[   85.471950][ T5338] R13: ffff8880004500e8 R14: ffff88800092a2b8 R15: 000000000000000a
[   85.475385][ T5338] FS:  00007f7348bda6c0(0000) GS:ffff88808d679000(0000) knlGS:0000000000000000
[   85.479385][ T5338] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.482193][ T5338] CR2: 0000200000002000 CR3: 0000000012298000 CR4: 0000000000352ef0
[   85.485775][ T5338] Call Trace:
[   85.487343][ T5338]  <TASK>
[   85.488693][ T5338]  bfs_get_block+0x5da/0xae0
[   85.490742][ T5338]  __block_write_begin_int+0x6b5/0x1900
[   85.493291][ T5338]  ? __pfx_workingset_update_node+0x10/0x10
[   85.495909][ T5338]  ? __pfx_bfs_get_block+0x10/0x10
[   85.498129][ T5338]  ? __pfx___block_write_begin_int+0x10/0x10
[   85.500718][ T5338]  ? __pfx_bfs_get_block+0x10/0x10
[   85.503138][ T5338]  block_write_begin+0x8d/0x120
[   85.505384][ T5338]  ? bfs_write_begin+0x1e/0xd0
[   85.507602][ T5338]  bfs_write_begin+0x35/0xd0
[   85.509718][ T5338]  generic_perform_write+0x2c5/0x900
[   85.512387][ T5338]  ? __pfx_generic_perform_write+0x10/0x10
[   85.515413][ T5338]  ? file_update_time_flags+0x2cb/0x4e0
[   85.518000][ T5338]  ? __generic_file_write_iter+0xf9/0x230
[   85.520484][ T5338]  ? generic_file_write_iter+0x103/0x550
[   85.522957][ T5338]  generic_file_write_iter+0x117/0x550
[   85.525248][ T5338]  ? __pfx_generic_file_write_iter+0x10/0x10
[   85.527784][ T5338]  ? __lock_acquire+0x146f/0x2cf0
[   85.530003][ T5338]  ? __pfx_aa_file_perm+0x10/0x10
[   85.532344][ T5338]  ? rcu_read_lock_any_held+0xb3/0x120
[   85.534790][ T5338]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   85.537792][ T5338]  vfs_write+0x5c9/0xb30
[   85.539901][ T5338]  ? __pfx_generic_file_write_iter+0x10/0x10
[   85.542551][ T5338]  ? __pfx_vfs_write+0x10/0x10
[   85.544634][ T5338]  ? __fget_files+0x2a/0x420
[   85.546454][ T5338]  ksys_write+0x145/0x250
[   85.548300][ T5338]  ? __pfx_ksys_write+0x10/0x10
[   85.550507][ T5338]  ? do_syscall_64+0xbe/0xf80
[   85.552792][ T5338]  do_syscall_64+0xfa/0xf80
[   85.554868][ T5338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.557355][ T5338]  ? clear_bhb_loop+0x60/0xb0
[   85.559325][ T5338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.561689][ T5338] RIP: 0033:0x7f7347d8f7c9
[   85.563705][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.571151][ T5338] RSP: 002b:00007f7348bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.574684][ T5338] RAX: ffffffffffffffda RBX: 00007f7347fe5fa0 RCX: 00007f7347d8f7c9
[   85.578111][ T5338] RDX: 000000000000fecc RSI: 00002000000008c0 RDI: 0000000000000006
[   85.581357][ T5338] RBP: 00007f7347e13f91 R08: 0000000000000000 R09: 0000000000000000
[   85.584678][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.588120][ T5338] R13: 00007f7347fe6038 R14: 00007f7347fe5fa0 R15: 00007ffeeabcd8b8
[   85.591147][ T5338]  </TASK>
[   85.592689][ T5338] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.595762][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.599719][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   85.604232][ T5338] Call Trace:
[   85.605721][ T5338]  <TASK>
[   85.607060][ T5338]  dump_stack_lvl+0x99/0x250
[   85.609204][ T5338]  ? __asan_memcpy+0x40/0x70
[   85.611137][ T5338]  ? __pfx_dump_stack_lvl+0x10/0x10
[   85.613233][ T5338]  ? __pfx__printk+0x10/0x10
[   85.615213][ T5338]  vpanic+0x237/0x6d0
[   85.617044][ T5338]  ? __pfx_vpanic+0x10/0x10
[   85.618681][ T5338]  ? is_bpf_text_address+0x292/0x2b0
[   85.621064][ T5338]  ? is_bpf_text_address+0x26/0x2b0
[   85.623380][ T5338]  panic+0xb9/0xc0
[   85.625070][ T5338]  ? __pfx_panic+0x10/0x10
[   85.626998][ T5338]  __warn+0x317/0x4b0
[   85.628721][ T5338]  ? mark_buffer_dirty+0x299/0x400
[   85.630893][ T5338]  ? mark_buffer_dirty+0x299/0x400
[   85.633051][ T5338]  __report_bug+0x288/0x500
[   85.634991][ T5338]  ? __pfx___might_resched+0x10/0x10
[   85.637222][ T5338]  ? mark_buffer_dirty+0x299/0x400
[   85.639191][ T5338]  ? __pfx___report_bug+0x10/0x10
[   85.641254][ T5338]  ? find_get_block_common+0xc26/0xfc0
[   85.643663][ T5338]  ? find_get_block_common+0xc86/0xfc0
[   85.646228][ T5338]  ? mark_buffer_dirty+0x299/0x400
[   85.648367][ T5338]  report_bug+0x16a/0x220
[   85.650080][ T5338]  ? mark_buffer_dirty+0x299/0x400
[   85.652328][ T5338]  ? mark_buffer_dirty+0x29b/0x400
[   85.654522][ T5338]  handle_bug+0x98/0x200
[   85.656273][ T5338]  exc_invalid_op+0x1a/0x50
[   85.658139][ T5338]  asm_exc_invalid_op+0x1a/0x20
[   85.660404][ T5338] RIP: 0010:mark_buffer_dirty+0x299/0x400
[   85.662876][ T5338] Code: 4c 89 f7 e8 59 c2 db ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 24 a2 fb ff e8 df ed 73 ff eb 8c e8 d8 ed 73 ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 ca ed 73 ff 90 0f 0b 90 e9 cf fd ff ff
[   85.671583][ T5338] RSP: 0018:ffffc9000d48f608 EFLAGS: 00010287
[   85.674357][ T5338] RAX: ffffffff824d81d8 RBX: ffff88800092a2b8 RCX: 0000000000100000
[   85.677829][ T5338] RDX: ffffc9000f1da000 RSI: 000000000000129e RDI: 000000000000129f
[   85.681208][ T5338] RBP: ffff8880126c4001 R08: ffff88800092a2bf R09: 1ffff11000125457
[   85.684437][ T5338] R10: dffffc0000000000 R11: ffffed1000125458 R12: ffff888051d71400
[   85.687748][ T5338] R13: ffff8880004500e8 R14: ffff88800092a2b8 R15: 000000000000000a
[   85.691150][ T5338]  ? mark_buffer_dirty+0x298/0x400
[   85.693329][ T5338]  ? mark_buffer_dirty+0x298/0x400
[   85.695692][ T5338]  bfs_get_block+0x5da/0xae0
[   85.697779][ T5338]  __block_write_begin_int+0x6b5/0x1900
[   85.700228][ T5338]  ? __pfx_workingset_update_node+0x10/0x10
[   85.702669][ T5338]  ? __pfx_bfs_get_block+0x10/0x10
[   85.704842][ T5338]  ? __pfx___block_write_begin_int+0x10/0x10
[   85.707341][ T5338]  ? __pfx_bfs_get_block+0x10/0x10
[   85.709549][ T5338]  block_write_begin+0x8d/0x120
[   85.711572][ T5338]  ? bfs_write_begin+0x1e/0xd0
[   85.713675][ T5338]  bfs_write_begin+0x35/0xd0
[   85.715537][ T5338]  generic_perform_write+0x2c5/0x900
[   85.717557][ T5338]  ? __pfx_generic_perform_write+0x10/0x10
[   85.720009][ T5338]  ? file_update_time_flags+0x2cb/0x4e0
[   85.722262][ T5338]  ? __generic_file_write_iter+0xf9/0x230
[   85.724613][ T5338]  ? generic_file_write_iter+0x103/0x550
[   85.726975][ T5338]  generic_file_write_iter+0x117/0x550
[   85.729273][ T5338]  ? __pfx_generic_file_write_iter+0x10/0x10
[   85.731875][ T5338]  ? __lock_acquire+0x146f/0x2cf0
[   85.734076][ T5338]  ? __pfx_aa_file_perm+0x10/0x10
[   85.736323][ T5338]  ? rcu_read_lock_any_held+0xb3/0x120
[   85.738656][ T5338]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   85.741059][ T5338]  vfs_write+0x5c9/0xb30
[   85.742862][ T5338]  ? __pfx_generic_file_write_iter+0x10/0x10
[   85.745372][ T5338]  ? __pfx_vfs_write+0x10/0x10
[   85.747389][ T5338]  ? __fget_files+0x2a/0x420
[   85.749404][ T5338]  ksys_write+0x145/0x250
[   85.751220][ T5338]  ? __pfx_ksys_write+0x10/0x10
[   85.753318][ T5338]  ? do_syscall_64+0xbe/0xf80
[   85.755347][ T5338]  do_syscall_64+0xfa/0xf80
[   85.757350][ T5338]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.760068][ T5338]  ? clear_bhb_loop+0x60/0xb0
[   85.762162][ T5338]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.764702][ T5338] RIP: 0033:0x7f7347d8f7c9
[   85.766670][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   85.774731][ T5338] RSP: 002b:00007f7348bda038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.778123][ T5338] RAX: ffffffffffffffda RBX: 00007f7347fe5fa0 RCX: 00007f7347d8f7c9
[   85.781299][ T5338] RDX: 000000000000fecc RSI: 00002000000008c0 RDI: 0000000000000006
[   85.784615][ T5338] RBP: 00007f7347e13f91 R08: 0000000000000000 R09: 0000000000000000
[   85.787853][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.791326][ T5338] R13: 00007f7347fe6038 R14: 00007f7347fe5fa0 R15: 00007ffeeabcd8b8
[   85.794541][ T5338]  </TASK>
[   85.796198][ T5338] Kernel Offset: disabled
[   85.798126][ T5338] Rebooting in 86400 seconds..